Details
-
Bug
-
Resolution: Fixed
-
Major
-
Lustre 2.12.2
-
None
-
CentOS 7.6, ldiskfs, 2.12.2_116+3
-
3
-
9223372036854775807
Description
We're considering using project quotas in the future but we noticed that users can change or clear the project id of their own files/directories. How can we restrict access to project IDs only to admins (like ext4 does I guess?). We looked at the manual but couldn't find how permissions are handled. Sorry if we missed something obvious.
[root@fir-io7-s2 users]# ls -ld /firhdr/users/sthiell
drwxr-x--- 4 sthiell root 4096 Sep 30 20:30 /firhdr/users/sthiell
[root@fir-io7-s2 users]# lfs project -d /firhdr/users/sthiell
10 P /firhdr/users/sthiell
[root@fir-io7-s2 users]# su -m sthiell
bash-4.2$ cd /firhdr/users/sthiell
bash-4.2$ lfs project -C .
bash-4.2$ lfs project -d .
0 - .
Attachments
Issue Links
- is related to
-
-
- Resolved
-
Activity
Wang Shilong (wshilong@ddn.com) uploaded a new patch: https://review.whamcloud.com/37056
Subject: LU-12826 mdt: limit root to change project state by default
Project: fs/lustre-release
Branch: b2_12
Current Patch Set: 1
Commit: 993b9274805056998282eaac28523841ceaa26ff
Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/36544/
Subject: LU-12826 mdt: limit root to change project state by default
Project: fs/lustre-release
Branch: master
Current Patch Set:
Commit: 8fad70c0872ba13133024e4abf53a0bbee7ba1e9
It would be nice to have a backport of this important patch to b2_12 when it has landed (I tried to apply it but it doesn't work as is). Thanks much!
Wang Shilong (wshilong@ddn.com) uploaded a new patch: https://review.whamcloud.com/36544
Subject: LU-12826 mdt: limit root to change project state
Project: fs/lustre-release
Branch: master
Current Patch Set: 1
Commit: 3d38465be14aa28b89f75384980c4e96e15a1f04
I think it makes sense to add a tunable on the MDS similar to "mdt.*.enable_remote_dir_gid" that allows users in specific groups to also change the projid. By default, I think it makes sense to default to only allow root (CAP_SYS_RESOURCE) to change the projid directly, and set "mdt.*.change_projid_gid=0". Any users in that group (e.g. wheel or admin) can also change projid directly, if it is "-1" then any user can change it.
Hi Li Xi,
Just to clarify, when you say:
> I still think the current behavior (not allowing the file owner to change the project ID of its file) is still useful in a lot of use cases.
It is actually the opposite: currently in Lustre the file owner can change the project ID of its file. That means on filesystems where project quotas are enforced, users can likely bypass their project quota if they use lfs project or chattr -p (if available on the cluster) on their own files. We need a fix to only allow admins to set/change/remove project IDs and this should be the default, as in my understanding, the most common use case with Lustre is to use project quotas to enforce some kind of directory quotas (with inheritance), managed by system administrators, not users.
But a tunable on the server should solve that. 
> rather than a mount option, it would be better to have a tunable on the MDS to control this
Agreed on that.
Oleg Drokin (green@whamcloud.com) merged in patch https://review.whamcloud.com/37056/
Subject:
LU-12826mdt: limit root to change project state by defaultProject: fs/lustre-release
Branch: b2_12
Current Patch Set:
Commit: 11c9ec6384070c0627b45b17e16e1a1c9aea7249